Having previously explored the benefits of Veridata EDC versus manual systems like Excel for storing and managing research data, Pharmaceutical Technology now takes a closer look at the benefits of Elsevier’s new electronic data capture (EDC) solution from the perspective of data security.
The company’s commercial manager, Philip Dunlop, highlights some of the data security features that make Veridata EDC a trusted tool among clinical researchers.
Q: How compliant is the solution with international data security regulations?
Veridata EDC’s ISO 27001 certification confirms that the solution meets international standards for data security. It means we’ve been externally audited against ISO 27001 requirements and accredited as a secure company with secure applications and protected data, working to the best security practices.
Team members working on Veridata EDC undertake regular training in order to remain educated on international data security regulations and how they relate to clinical research solutions like Veridata EDC.
Elsevier’s in-house Security & Compliance team monitor and validate our processes as well as technical and functional specifications to ensure we continue to meet the demands of ISO 27001 and other standards so that researchers remain confident that we meet the stringent requirements for data security and compliance regulations.
Q: What makes Veridata EDC a secure solution for carrying out clinical studies?
As a software as a service (SaaS) solution, Veridata EDC is hosted in the cloud by Amazon Web Services, a cloud solutions provider offering a suite of well known, highly regarded security features.
Unlike other EDC solution providers, Elsevier manages every aspect of the Veridata EDC platform, from the performance of its data centre to that of its EDC application, software updates and validation processes. Our in-house team of security experts is constantly monitoring, auditing and confirming that Veridata EDC and the infrastructure it’s built on is as secure as it can be against the latest threats.
Q: What features are included to ensure that data is kept safe and secure?
Veridata EDC uses Auth0 as a partner for user authentication. Auth0 is a web services company with very tight data security policies, and we’ve used their solutions to provide a secure entry in to Veridata EDC with the platform’s user authentication including log-ins, usernames, passwords and managing forgotten passwords.
Partnering with Auth0 enables us to use additional security measures such as multi-factor authentication on Veridata EDC. That includes the option to have one-time passwords sent to your phone or email, for example. We’ve introduced security options like these that extend beyond basic username and password systems for solutions storing clinical data.
Q: What else about Veridata EDC keeps data secure?
The database is always fully encrypted. This means that when the data is in different states of storage – either “at rest” in the cloud servers or in transit between the servers and application – it is never exposed. When data arrives at the application, it remains encrypted when it is passed between the layers of the application and infrastructure. Data is sent to and from the user’s device encrypted so patient data is always protected.
Q: What makes Veridata EDC superior to other solutions in terms of data security?
We regularly test and confirm the security of the code underpinning our software development lifecycle, and we run several periodic reviews throughout the year against both known and potential vulnerabilities.
The application’s source code is under constant review, ensuring that not only is the code written securely, but that any third-party tools used alongside the application are also checked against vulnerabilities.
These could include any tool the team uses to help launch a new feature on the platform, like a special button. Any third-party tool brought on to the platform is tested against existing security measures, and any weak points or potential anomalies between it and Veridata EDC’s systems is removed. These measures are built in to our software development lifecycle.
Q: What’s next for Veridata EDC in terms of data security and compliance?
As a company, Elsevier is in the process of becoming Privacy Shield-approved. Privacy Shield is an agreement between the EU and the US which brings data privacy laws in both jurisdictions in line with one another. Launched in 2016, its purpose is to allow data to be shared between the EU and US under the same laws and liabilities, because data protection laws in the EU are much tougher than in the US.
For Elsevier, gaining Privacy Shield approval allows us to run clinical trials in Europe with data coming in from the US, and vice versa. This means clinical data can move safely between Europe and the US while the same privacy and security laws apply.
This will in due course enable more international research and data sharing, and ultimately improved patient outcomes. Clinical researchers trust the fact that Veridata EDC is a highly secure and compliant solution which supports storage and management of sensitive research data.